
Wireless Threats and Attacks

By: Sinju C
Roll no : 49
• Wireless Outline
• Introduction
• Wireless Security Requirements
• Threats
• Vulnerabilities
• Taxonomy of Attacks
• Attack against Wireless networks
• Against 802.11 network
• Bluetooth
• Handheld devices
• Summary
• Fastest growing segment of Computer
• Connection to LAN, WAN, PAN on the
• Portable office – Phone, fax, email, file retrieval, login on machines.
• Rescue, Military
• Slow, Error-prone, Transmission
• Wireless devices use Radio Frequency
(RF) technology to facilitate
• Various types of wireless
communication solutions use different
frequencies, most regulated by
• 802.11 and Bluetooth operate in the 2.4 GHz unregulated band.
Common wireless usage
• Wide Area Networks (WANs)
using GPRS, GSM etc.
• Local Area Networking (LANs)
using 802.11b (aka Wi-Fi).
• Personal Area Networking
(PANs) using Bluetooth.
Security Requirements Expected
from Wireless Communication
Wireless security
• Same for wired & wireless
• CIA requirement-
• Confidentiality: Keeping secrets secret!!
• Integrity: Data is unchanged
• Availability: Data is available for needful

• Authentication requirement of message

• Allow message non-repudiation
Attack and Threats
• Attack- Exploiting one or more
vulnerabilities of communication
• Threat- Object, person or Entity
representing a danger to security of
communication medium
• Particular threats – Device theft, theft
of service, espionage.
Threat agents
Majority of threats are hackers
• Accidental Users
• Script Kiddies-
• Casual Hackers-
• Skilled hackers-

• A lot of freeware is available for hacking, e.g. NetStumbler, Kismet, WEPCrack, HostAP
• Weakness or fault in the communication media
allowing assurances to be compromised
• Since transmissions are broadcast, they are available freely for anyone with right
• Unauthorized access
• Identity theft
• Unauthorized equipment
Classification of Attacks
Taxonomy of Attacks
Passive attacks:
No content modification
Confidentiality threats
Two types :
1. Traffic analysis-
2. Eavesdropping-
Taxonomy of Attacks
• Active attacks : CIA is questioned

Types :
1. Masquerading- Impersonating
2. Replay- Man in the middle
3. Message modification- alteration
4. Denial of service (DoS)- flooding and jamming
Attack against Wireless

1. Against 802.11 Networks :

2. Against Bluetooth Networks:
3. Against Handheld Devices
Attack against 802.11
What is 802.11 ???
• Two fundamental architectural
• Station (STA). Basic Service Set Identifier (BSSID)
• Access Point (AP). Service Set Identifier (SSID):

• Infrastructure mode and ad hoc mode are the two basic network topologies
Ad hoc

Infrastructure Mode
Passive attacks on 802.11
• Interception & Monitoring :
• Attacker needs to be in range of access point
• No need of compromising a system since signals
are broadcasted
• 802.11b can have directional antennae, which enhance the risk of detection and attack because the signal can exceed physical boundaries it's not meant to
Passive attacks on 802.11
• Traffic Analysis :
3 uses are
• Identify activity on network.
• Identify physical locations of access points (SSID broadcasting)
• Identify types of protocols used in network for exploiting their flaws (pattern of packets, e.g. TCP SYN/SYN-ACK/ACK)
Passive attacks on 802.11
• Passive eavesdropping:
• Attacker monitors sessions that are not encrypted
• Reads the transmitted data and accumulates information through studying the packets
• Active eavesdropping:
• IP Spoofing- Attacker changes the destination IP address of a packet to the address of a host they control. When the actual host does not get the message, the message is resent, so it goes undetected.
Active attacks on 802.11
1. Masquerade:
• Spoofing and id theft
• Unauthorized clients
• Brute force attacks
• Unauthorized access points

2. Man in middle:
3. Denial of Service:
• Jamming
• Flooding
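The unauthorized access point and spoofing items above can be checked from the defender's side by comparing observed beacons (SSID, BSSID, channel) against an inventory of authorized APs. This is an added example, not part of the original slides; the inventory, the scan data and the verdict names are constructed for illustration.

```python
from collections import namedtuple

# One observed beacon frame, reduced to the fields the audit needs.
Beacon = namedtuple("Beacon", "ssid bssid channel")

# Hypothetical inventory of authorized APs: BSSID -> (SSID, channel).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}
PROTECTED_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}


def classify(beacon):
    """Return a verdict for one observed beacon."""
    known = AUTHORIZED.get(beacon.bssid.lower())
    if known is None:
        # Unknown radio advertising one of our SSIDs: unauthorized AP.
        if beacon.ssid in PROTECTED_SSIDS:
            return "rogue-ssid"
        return "unknown"  # a neighbour's network, not ours to judge
    ssid, channel = known
    # Known BSSID seen with the wrong SSID or channel: the address may
    # be spoofed by another device (masquerade).
    if beacon.ssid != ssid or beacon.channel != channel:
        return "possible-spoof"
    return "authorized"


def audit(beacons):
    """Return only the observations that need investigation."""
    findings = []
    for b in beacons:
        verdict = classify(b)
        if verdict in ("rogue-ssid", "possible-spoof"):
            findings.append((verdict, b.ssid, b.bssid.lower(), b.channel))
    return findings


# Constructed sample scan, not captured from a real network.
SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", 1),     # matches inventory
    Beacon("CorpNet", "DE:AD:BE:EF:00:01", 11),    # unknown BSSID, our SSID
    Beacon("CorpNet", "00:11:22:33:44:02", 11),    # known BSSID, wrong channel
    Beacon("CoffeeShop", "AA:BB:CC:00:00:01", 6),  # unrelated neighbour
]

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```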
Attacks against Bluetooth
What is Bluetooth?
• Open standard for Short range digital
• Fast and reliable
• Data + Voice communications
• It is employed to connect 2 Bluetooth devices, e.g. phone, PDA, printer, mouse
Passive attacks on Bluetooth
• Authorized remote users use insecure
links which are sniffed up by attackers
– If link is compromised then traffic analysis
– If system is compromised then data
manipulation and obtaining user details
Active attack on Bluetooth
1. Masquerade: the device is authenticated, not the user, so any device, if compromised, poses a threat
2. Man in middle:
(Figure: Device A, Device B, Attacker C)
Active attack on Bluetooth
1. Message modification: use of an untrusted PDA and capture of all your contacts to send messages
2. DoS- jamming the 2.4 GHz ISM band; it operates with devices like baby monitors which work on that same
Attack on Handheld devices
What are handheld devices?
• Have their own IP address
• E.g. pager, smart phone, tablets
Passive attack on Handheld
• Eavesdropping:
• Handheld devices have default enabled
• Data is encrypted
Active attack on Handheld
• Denial of service-
• Cell phones are jammed
• Virus, Trojan, worm
• Spamming inbox
• 3G phones have continuous connection with the network so they are prone to attack and traffic analysis
• Threats and attacks for wired and wireless are the same
• CIA principle should be kept

New Security measure ->

New vulnerability discovered->
New hacking tool
Fighting back
• End to end security at application, transport and link
• Authentication of people
• Cryptography-
• Security checklists
• Almost any given single security mechanism alone may be easily overcome by attackers. However, proper configuration and implementation of the maximum possible security mechanisms must be used to form a hodgepodge of multiple security layers, in an effort to provide the best possible wireless protection.
– Mutual authentication
– Strong confidentiality and dynamic re-
• Firewalls, anti-virus software

– Managerial solutions
• Security management practices and controls
• Establish security policies
• Regularly conduct security audits and risk
• Provide user education